Error showing on creating SSL cert on new domain

SYSTEM INFORMATION
OS type and version: Rocky 8.6
Webmin version: 1.994
Virtualmin version: 7.1
Related packages: Let’s Encrypt

Hi

Just added a new domain and as not mail it doesn’t get an SSL cert during creation. Simple enough to then go to SSL options and then create one. After the creation I get the following error message and I haven’t been able to find an answer to it.

Did the Let’s Encrypt request go through properly? Whenever I request the SSL certificates Virtualmin requests all sorts of other subdomains with things like “admin” and “webmail” in front of the main domain. This fails the Let’s Encrypt request until I specify a single domain in “Domain names listed here:”.

Hi @Michael_Z_Freeman

I get the same problem with the Let’s Encrypt certificate not being issued during set up. After the domain had been created I go to the SSL part of the menu on the left and put only mydomain.com and www.mydomain.com in the box so not requesting for all the additional domains and it does successfully create the certificate. I don’t know how to or if I even need to get a certificate for all those additional domains.

@Jamie, I think we could also disable validation at domain creation time, when the Let’s Encrypt request happens in the background. It is tried only once and it won’t make much difference towards the limit if it fails once. Leaving the tests optionally available when SSL is requested/set up manually using the virtual-server.name - Server Configuration ⇾ SSL Certificate page is a good thing.

Additionally, we could try to fix our tests, to make sure they are not false positive.

@grant-1972 What error do you get exactly, if you try to request SSL certificate manually with enabled validation? Do you use cloud DNS or host it locally?

Hi @Ilia

I use Cloudflare for my DNS.

The error I get when installing a new virtual server is:
Requesting a certificate for domain.com, www.domain.com from Let’s Encrypt …
… domain validation failed

I also get the following error but do not know if that is related:
Starting FCGIwrap server …
… failed : /var/fcgiwrap/165459915684811.sock/socket

And I also get the error message shown in the red block as shown in the original post.

Now when I go to Server configuration > SSL certificate I get:

Requesting a certificate for domain.com, www.domain.com, mail.domain.com from Let’s Encrypt …
… request failed : Web-based validation failed :
Requesting a certificate for domain.com and 2 more domains

Certbot failed to authenticate some domains (authenticator: webroot). The Certificate Authority reported these problems:
Domain: mail.domain.com
Type: dns
Detail: DNS problem: NXDOMAIN looking up A for mail.domain.com - check that a DNS record exists for this domain; DNS problem: NXDOMAIN looking up AAAA for mail.domain.com - check that a DNS record exists for this domain

Hint: The Certificate Authority failed to download the temporary challenge files created by Certbot. Ensure that the listed domains serve their content from the provided --webroot-path/-w and that files created there can be downloaded from the internet.

Saving debug log to /var/log/letsencrypt/letsencrypt.log
Some challenges have failed.
Ask for help or search for solutions at https://community.letsencrypt.org. See the logfile /var/log/letsencrypt/letsencrypt.log or re-run Certbot with -v for more details.

I have put in the A and AAAA records at Cloudflare.

When I just make the LetsEncrypt request for domain.com and www.domain.com it works perfectly. Is it not possible to create a certificate that covers mail and webmail?

Hope this is the information that you need but if you need more please just let me know.

Many thanks
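The failure report in the post above names the host and the record types the CA could not resolve. As an added example (not part of the original thread, and not Virtualmin or Certbot code), this Python parses that report, lists the missing record types per host, and works out which of the requested names had no reported failure. The function names are assumptions; the sample text is copied from the post.

```python
import re

# Sample input: the failure report quoted in the post above.
SAMPLE = """\
Certbot failed to authenticate some domains (authenticator: webroot). The Certificate Authority reported these problems:
Domain: mail.domain.com
Type: dns
Detail: DNS problem: NXDOMAIN looking up A for mail.domain.com - check that a DNS record exists for this domain; DNS problem: NXDOMAIN looking up AAAA for mail.domain.com - check that a DNS record exists for this domain

Hint: The Certificate Authority failed to download the temporary challenge files created by Certbot.
"""

# One "Domain / Type / Detail" group is reported per failing name.
FIELD = re.compile(r"^\s*(Domain|Type|Detail):\s*(.*)$")
NXDOMAIN = re.compile(r"NXDOMAIN looking up (A|AAAA|CAA|TXT) for (\S+)")


def parse_failures(report):
    """Return one dict per failing domain found in the report text."""
    failures, current = [], None
    for line in report.splitlines():
        m = FIELD.match(line)
        if not m:
            continue  # banner, hint and blank lines carry no fields
        key, value = m.group(1).lower(), m.group(2).strip()
        if key == "domain":
            current = {"domain": value, "type": "", "detail": ""}
            failures.append(current)
        elif current is not None:
            current[key] = value
    return failures


def missing_records(failure):
    """Record types the CA got NXDOMAIN for, e.g. ['A', 'AAAA']."""
    return sorted({rtype for rtype, _ in NXDOMAIN.findall(failure["detail"])})


def retry_names(requested, failures):
    """Names from the original request with no reported failure."""
    failed = {f["domain"].lower() for f in failures}
    return [n for n in requested if n.lower() not in failed]


if __name__ == "__main__":
    fails = parse_failures(SAMPLE)
    for f in fails:
        print(f["domain"], f["type"], "missing:", missing_records(f))
    names = ["domain.com", "www.domain.com", "mail.domain.com"]
    print("safe to request:", retry_names(names, fails))
```

An NXDOMAIN result means the name does not exist in public DNS at all, so the record has to be published and visible to outside resolvers before that name is added back to the request.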

You shouldn’t do this manually, as Virtualmin Pro can update those records automatically.

@Jamie, can you check that we update cloud DNS records for webmail, mail and other aliases created by features?

I just thought it wise to try before I asked for help to put IPv4 and IPv6 at Cloudflare as I was getting the errors that I mentioned above. So I tried only IPv4, only IPv6 and both and it gave me the same result. I am not using Pro on that server. Are you saying that if I was using Pro on this server that it would update the records automatically? What would I need to do in Pro for this to happen or does it just do that without me doing something in the settings?

Thanks @Ilia

Hi again @Ilia

I have used my Pro serial and key to upgrade to Pro but get the following message.

Rocky Linux 8 - AppStream 11 MB/s | 8.4 MB 00:00
Rocky Linux 8 - BaseOS 4.7 MB/s | 2.6 MB 00:00
Rocky Linux 8 - Extras 23 kB/s | 11 kB 00:00
Rocky Linux 8 - PowerTools 3.5 MB/s | 2.3 MB 00:00
Extra Packages for Enterprise Linux 8 - x86_64 31 MB/s | 11 MB 00:00
Extra Packages for Enterprise Linux Modular 8 - 3.7 MB/s | 1.0 MB 00:00
Remi’s Modular repository for Enterprise Linux 1.5 MB/s | 980 kB 00:00
Safe Remi’s RPM repository for Enterprise Linux 3.6 MB/s | 2.1 MB 00:00
Virtualmin 7 - x86_64 14 kB/s | 4.9 kB 00:00
Virtualmin 7 GPL - noarch 830 B/s | 233 B 00:00
Errors during downloading metadata for repository ‘virtualmin-noarch’:

Is this because I am using the beta version?

Many thanks

Yes, with the Pro version Cloudflare DNS is handled fully by Virtualmin (it even supports wildcard certificate requests over DNS).

Although we are now working with Jamie on adding improvements to proxied mode and importing existing records (with the current version of Virtualmin, it fails if the domain pre-exists on the Cloudflare side). This will all be fixed in the next small Virtualmin release.

I’m not sure I understand what this error below has to do with it though as it said: Upgrading to Virtualmin Pro …
… failed

Once I have the Pro version installed without those errors I shall see how to do what you say about Cloudflare and hopefully be successful.

Many thanks

Not sure but you can download latest development version of install.sh script and run it with --setup flag to fix your repos.

You must never share your serial and license information in public. I have invalidated your license. Check your Virtualmin.com - My Account page to get license-change command and apply it to your server.

Oh gosh, I’m sorry. I didn’t notice I had done that.

I’ll try your suggestion and see how things go.

Many thanks

I’ve followed the instructions and downloaded the latest development version in your link above, which shows RC9 and run it with --setup and all worked.

I have also used the licence-change command and followed that through. Now my server is showing 7.1 Pro. When I clicked on the link to recheck licence it gave me the following error.

Now re-checking your Virtualmin license …
… license is valid. It is valid for 10 Virtualmin domains, and for use on 1 systems until 2022-07-04.

However, a temporary problem occurred during this license check : An error occurred checking the licence : Invalid host or serial number .

Could you please guide me on what to do about this (or if you think I should open a new topic please tell me so).

Many thanks

Do you mean, do we add those DNS records if the Email feature is enabled after domain creation?
